CVE-2016-2558: Kernel driver escape allows untrusted pointer

The Kernel Mode Driver Escape interface layer can allow use of an untrusted pointer.

Exploit Scope and Risk:

This issue can lead to increased risk of malicious code access to privileged resources. The vulnerability could be exploited to cause the access of uninitialized or out of bounds memory leading to information disclosure, crashes or denial of service, and potential escalation of privilege.

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommended consulting a local security or IT professional to evaluate the risk of your specific configuration.

Vulnerable Configurations:

The vulnerabilities in the Kernel Mode Driver layer exist only in NVIDIA Windows GPU drivers. These issues affect all GPU products and are not specific to any GPU-class device.

Vulnerability Discovery:

This issue was identified by NVIDIA.

Fix:

NVIDIA recommends that users upgrade to the fixed driver versions available on nvidia.com as listed in table below. Please note that all R358 and R361 branch drivers include the fix for this issue.